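<?php

/**
* PHP versions 4 and 5
*
* LICENSE: This source file is subject to version 3.0 of the PHP license
* that is available through the world-wide-web at the following URI:
* http://www.php.net/license.  If you did not receive a copy of
* the PHP License and are unable to obtain it through the web, please
* send a note to hide@address.com so we can mail you a copy immediately.
*
* @package    QuickTalk Guestbook
* @author     Philippe Vandenberghe <hide@address.com>
* @copyright  2009-2012 The PHP Group
* @version    2.5 build:20100731
*/

/*
 * Guestbook "sign" page.
 *
 * On a POST (field "ok" present) the script reads and cleans the submitted fields, runs the
 * anti-spam code check, validates mandatory/optional fields, applies the multipost, flood,
 * meaning and wording checks, stores the message and optionally e-mails a notification.
 * Otherwise (or when a check fails) it renders the entry form, or a "closed" notice when the
 * guestbook is inactive.
 *
 * Configuration ($qtg_*), the language table ($L), the database object ($oDB), the cPost class
 * and the QT* helper functions are provided by bin/qtg_init.php and the included library files;
 * none of them is defined here.
 */

session_start();
require_once('bin/qtg_init.php');

// SECURITY

// Deny access when the visitor's address appears in the configured deny list.
// strstr() looks for the visitor's address as a substring of the list, so a visitor at
// 10.0.0.1 is also denied when only 10.0.0.10 is listed; keep this in mind when editing the list.
if ( $qtg_checkip && !empty($qtg_checkip_list) )
{
  if ( strstr($qtg_checkip_list,$_SERVER['REMOTE_ADDR']) ) die($L['E_ip_denied']);
}

// INI

$oPost = new cPost();

$pg_name=$L['Sign'.$qtg_type];
$pg_url='qtg_msg_add.php';

// Map

// When a Google Maps key is configured, load the map library and unload the map when leaving the page.
if ( !empty($qtg_gkey) )
{
  include('qtg_map_lib.php');
  include(GetLang().'qtg_map.php');
  $strBodyAddOnunload='GUnload()';
}

// --------
// PROCESS POST
// --------

if ( isset($_POST['ok']) )
{

  // Magic quotes (PHP < 5.4) add backslashes to request data that must be removed before use.
  // get_magic_quotes_gpc() no longer exists in PHP 8, so the call is guarded with function_exists().
  $bStripSlashes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

  // read values: tags removed, whitespace trimmed, short fields capped at 50 characters
  if ( isset($_POST['from']) )
  {
    $oPost->postfrom = substr(strip_tags(trim($_POST['from'])),0,50);
    if ( $bStripSlashes ) $oPost->postfrom = stripslashes($oPost->postfrom);
  }
  if ( isset($_POST['mail']) )
  {
    $oPost->useremail = substr(strip_tags(trim($_POST['mail'])),0,50);
    if ( $bStripSlashes ) $oPost->useremail = stripslashes($oPost->useremail);
  }
  if ( isset($_POST['name']) )
  {
    $oPost->name = substr(strip_tags(trim($_POST['name'])),0,50);
    if ( $bStripSlashes ) $oPost->name = stripslashes($oPost->name);
  }
  if ( isset($_POST['msg']) )
  {
    $oPost->message = strip_tags(trim($_POST['msg']));
    if ( $bStripSlashes ) $oPost->message = stripslashes($oPost->message);
  }
  // age: -1 means "not given", otherwise the integer value (range checked below)
  if ( isset($_POST['age']) )
  {
    $_POST['age'] = trim($_POST['age']);
    if ( empty($_POST['age']) ) { $oPost->userage = -1; } else { $oPost->userage = intval($_POST['age']); }
  }

  // check code (anti-spam): the form stored sha1() of the expected 4-digit code in the session
  $strCode = '';
  if ( isset($_POST['code']) ) $strCode = substr(trim($_POST['code']),0,4);
  if ( empty($error) && $qtg_antispam!=0 )
  {
    if ( !QTisbetween(intval($strCode),0,9999) ) $error = $L['E_code'];
    // Strict comparison on purpose: with != PHP compares two numeric-looking strings (e.g. hashes
    // beginning with "0e") as numbers, so distinct hashes could compare equal.
    // Assumes the form stored a sha1() string in $_SESSION['textcolor'] — confirm in qtg_form_msg.php.
    if ( !isset($_SESSION['textcolor']) || $_SESSION['textcolor'] !== sha1($strCode) ) $error = $L['E_code'];
  }

  // check values
  if ( empty($error) )
  {
    // mandatory fields
    $oPost->name = QTconv($oPost->name,'2',QT_CONVERT_AMP);
    $oPost->message = QTconv($oPost->message,'2',QT_CONVERT_AMP);
    if ( empty($oPost->name) ) $error = $L['Name'].' '.$L['E_invalid'];
    if ( empty($oPost->message) )  $error = $L['Message'].' '.$L['E_invalid'];
    // collapse runs of three line breaks into two
    $oPost->message = str_replace("\r\n\r\n\r\n","\r\n\r\n",$oPost->message);
    $oPost->message = str_replace("\n\n\n","\n\n",$oPost->message);
    if ( !$oPost->CheckMessage($qtg_max_size,2,2) ) $error = $L['E_size'];
    // map position of the message (0,0 when no map center was posted)
    if ( isset($_POST['m_map_gcenter']) ) { $oPost->x = QTgetx($_POST['m_map_gcenter']); $oPost->y = QTgety($_POST['m_map_gcenter']); } else { $oPost->x=0;$oPost->y=0; }
  }

  // check optional fields
  if ( empty($error) && $oPost->userage>=0 ) { if ( !QTisbetween($oPost->userage,1,120) ) $error = $L['Age'].' '.$L['E_invalid']; }
  if ( empty($error) && $oPost->useremail!='' ) { if ( !QTismail($oPost->useremail) ) $error = $L['E_email']; }
  if ( empty($error) && $oPost->postfrom!='' ) { $oPost->postfrom = QTconv($oPost->postfrom,'2',QT_CONVERT_AMP); }

  // multipost check
  if ( empty($error) && TooMuch($qtg_max_day) ) $error = $L['E_maxday'];

  // flood check
  if ( empty($error) && !LastPostDelayAcceptable($qtg_max_sec) ) $error = $L['E_wait'];

  // check message meaning
  if ( empty($error) && $qtg_meaning )
  {
    if ( !$oPost->CheckMeaning() ) $error = $L['E_language'];
  }

  // check message wording
  if ( empty($error) && $qtg_checklang )
  {
    $bWordingOk=false;
    include(GetLang().'qtg_goodbad.php'); // defines $voc for the current language
    if ( $oPost->CheckWording($voc) ) $bWordingOk=true;
    // check other languages if multiple lang allowed
    if ( !$bWordingOk && $qtg_menulang )
    {
      include('bin/qtg_lang.php'); // this create $arrLang
      $arrLangDir = QTarrget($arrLang,2);
      unset($arrLangDir[GetIso()]); // current language already checked above
      foreach($arrLangDir as $str)
      {
        include(GetLang($str).'qtg_goodbad.php');
        if ( $oPost->CheckWording($voc) ) { $bWordingOk=true; break; }
      }
    }
    if ( !$bWordingOk ) $error=$L['E_language'];
  }

  // save value
  if ( empty($error) )
  {

    // presumably a 5-minute window during which the new message may still be edited — confirm in the edit page
    $_SESSION['qtg_beginedit'] = time()-1;
    $_SESSION['qtg_endedit'] = time()+300;
    $oPost->Insert();
    // NOTE(review): the code hash in $_SESSION['textcolor'] is kept after a successful post; if the form
    // does not issue a fresh code on every display, an already solved code remains valid for later posts — confirm.

    // notify: send one e-mail when the QT_NOTIFYAFTER-th message of the month is registered
    if ( isset($qtg_notify) ) {
    if ( QT_NOTIFYAFTER>0 ) {
    if ( !empty($qtg_notify) ) {

      $strM = date('Ym'); // server-generated, the only value interpolated into the query below
      $intCount = 0;
      $strDbType = substr($oDB->type,0,5);
      if ( $strDbType=='file' )
      {
        $intCount = $oDB->FilesCount('',QT_NOTIFYAFTER+1,$strM,$strM,false); // count files this month (can stop counting if more that QT_NOTIFYAFTER)
      }
      else
      {
        // same count query for every SQL dialect; only the "first 6 characters of issuedate" expression differs
        switch($strDbType)
        {
        case 'mysql':
        case 'mssql': $strMonth = 'LEFT(issuedate,6)'; break;
        case 'pg':    $strMonth = 'SUBSTRING(issuedate,1,6)'; break;
        case 'ibase': $strMonth = 'SUBSTRING(issuedate FROM 1 FOR 6)'; break;
        case 'sqlit':
        case 'db2':
        case 'oci':   $strMonth = 'SUBSTR(issuedate,1,6)'; break;
        default:      $strMonth = ''; // unknown database type: continue without notification
        }
        if ( $strMonth!='' )
        {
          $oDB->Query( 'SELECT count(id) as countid FROM '.TABMESSAGE.' WHERE id>=0 AND '.$strMonth.'="'.$strM.'"' );
          $row = $oDB->Getrow();
          $intCount = $row['countid'];
        }
      }

      // loose comparison kept on purpose: the driver may return the count as a numeric string
      if ( $intCount==QT_NOTIFYAFTER ) mail( $qtg_notify,'Notification from QuickTalk guestbook',$intCount.' messages registering this month.' );

    }}}

    // exit: confirmation page, then redirect to the exit link after 3 seconds
    include('qtg_p_header.php');
    echo '
    <h2>',$L['Message_send'],'</h2>',$qtg_back,'
    <script type="text/javascript">
    <!--
    setTimeout(\'window.location=document.getElementById("exiturl").href\',3000);
    -->
    </script>
    ';
    include('qtg_p_footer.php');
    exit;
  }

}

// --------
// HTML START
// --------

include('qtg_p_header.php');

echo '<div id="msg_add">
';

echo '<h2>',$pg_name,'</h2>
';

if ( $qtg_actif )
{
  // $error only ever holds texts from the language table, never user input
  if ( !empty($error) ) echo '<p class="error" style="text-align:center">',$error,'</p>';
  $id=0; // new message: the form include uses $id and $formaction
  $formaction = Href('qtg_msg_add.php');
  include('qtg_form_msg.php');
}
else
{
  echo '<p style="text-align:center">';
  if ( file_exists(GetLang().'qtg_stop.txt') ) { include(GetLang().'qtg_stop.txt'); } else { echo 'Guestbook temporary closed. Please wait...'; }
  echo '</p>';
}

echo $qtg_back;
echo '</div>';

// --------
// HTML END
// --------

// map script for the footer, centered on the configured position
// ($arrExtData is not defined in this file; expected from the init/map library files — verify)
if ( !empty($qtg_gkey) )
{

$x = QTgetx($qtg_gcenter);
$y = QTgety($qtg_gcenter);
$strFooterAddScript = QTgmapscript($qtg_gkey).'
<script type="text/javascript">
<!--
'.QTgmappoints(false,$y,$x,'drag',$arrExtData).'
mapload();
-->
</script>
';

}

include('qtg_p_footer.php');

?>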